From Polymorphic Attacks to Deepfakes: The Shifting Threat Landscape

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | RSS

One thing I’ve learned after years of covering cybersecurity is that the “state of the threat landscape” rarely sits still long enough to fit neatly into a headline. Every time you think you’ve understood the latest trend, something shifts under your feet. That’s part of the fun—and part of the challenge.

That dynamic energy is exactly why I invited Brad LaPorte onto the TechSpective Podcast for this latest episode. Brad has lived just about every angle of cybersecurity you can think of: military intelligence, consulting, analyst work at Gartner, and now CMO of Morphisec. He’s been in the room for many of the big transitions—tooling changes, strategic changes, and the increasingly blurry line between human-driven attacks and AI-driven ones.

Our conversation went much deeper than a simple “state of ransomware” update. Ransomware itself has grown so far beyond the old definition that it feels strange to keep calling it that. The classic “encrypt everything and demand crypto” playbook isn’t what defines the modern threat. The real story now is how fast attackers adapt, how quickly new tactics spread, and how criminal groups behave more like full-fledged businesses than hobbyist hackers.

We dig into all of that, but in a conversational way rather than a technical lecture. The thread that kept coming up is how small pieces of data—details that seem harmless on their own—can snowball into serious compromises when attackers start connecting the dots. Brad shared experiences that underscore how those tiny cracks get leveraged in ways most people never consider. It’s a reminder that cybersecurity is not only about the tools in place, but about the environment those tools live in.

Another theme we circled around is the growing presence of AI in both defense and offense. AI-driven attacks aren’t a distant theory anymore. They’re active, adaptive, and often unsettling in how quickly they shift tactics mid-stream. Brad and I talked about what that means for defenders, why “preemptive” approaches are gaining traction, and how companies are trying to outpace threats that no longer behave like traditional malware at all.

We also talked about the human side—something that doesn’t always make it into technical coverage. Cyberattacks aren’t abstract events. They’re personal. They exploit habits, patterns, and moments of distraction. Anyone who has ever clicked something out of instinct rather than scrutiny will relate to some of the scenarios we discuss.

One thing I love about hosting this podcast is the space it creates for unscripted, honest discussion. Brad and I covered a lot—ransomware economics, polymorphic attacks, data exposure, the “funhouse mirror” problem of deception technologies, and even the strange comfort of knowing that pizza orders can still give away national secrets. Yes, really. And no, I’m not explaining it here; you’ll have to listen.

If you work in cybersecurity, follow cybersecurity, or simply exist in a world shaped by cybersecurity, this episode is worth your time. It’s lively, candid, and packed with insight without requiring a glossary on the side. And if past experience is any guide, the things we talk about today may feel very different six months from now. That’s part of why these conversations matter.

Give it a listen, subscribe if you enjoy it, and let me know what topics you want to hear explored next.